Hey guys,
Authentication topic today.
We all know that Laravel ships the default Email & Password authentication for us. The good ol' traditional way.
However, it's 2024 now. When users register with Email & Password, they then have to verify their emails. That's bad UX and reduces your sign-up rates.
Passwordless is here to save the day.
The PROs of using Passwordless Authentication
- Sign-up user flow will be really fast, with fewer inputs (or even 0 inputs)
- The pain of remembering passwords is gone
- Save storage cuz we don't really store users' passwords (encrypted obviously) in our DB
- Verify the user's email in 1 go, 2 birds with 1 stone.
Laravel Passwordless Authentication - The Approaches
Social Auth
By utilizing Laravel Socialite, we can provide a quick sign-up/sign-in flow using:
- Google
- GitHub
- (or any awesome platform out there)
After users sign in, Laravel Socialite will give you some basic details: open id, full name, email, and profile picture.
Then simply do an upsert operation and Auth::login($user) to sign your user in.
Magic Link via Email
For this, we only need users to input their email and their names, and then we are all good.
For this, you might need to implement your own generated_magic_links table, e.g.:
- id
- user_id
- hash
You can create a temporary user with email_verified_at = NULL. Then send out the email using the Laravel Mail feature.
On the user's first visit, you touch the email_verified_at, then log them in.
Easy right?
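The magic-link flow above in plain PHP, as an added example that is not from the original post: in-memory arrays stand in for the users and generated_magic_links tables, and the function names, the 15-minute expiry, the single-use deletion and the example.test URL are assumptions. Only a SHA-256 hash of the token is stored, matching the hash column.

```php
<?php
declare(strict_types=1);

// In-memory stand-ins (assumptions) for the users and generated_magic_links tables.
$users = [];
$links = [];   // keyed by the `hash` column

const LINK_TTL_SECONDS = 900; // assumed 15-minute lifetime; not specified in the post

// Create the temporary user (email_verified_at = NULL) and a one-time link.
function issueMagicLink(array &$users, array &$links, string $email, string $name, int $now): string
{
    $userId = count($users) + 1;
    $users[$userId] = ['email' => $email, 'name' => $name, 'email_verified_at' => null];

    $token = bin2hex(random_bytes(32));      // 256 bits from the CSPRNG; only ever sent by email
    $hash  = hash('sha256', $token);         // the table keeps the hash, never the raw token
    $links[$hash] = ['user_id' => $userId, 'expires_at' => $now + LINK_TTL_SECONDS];

    return 'https://app.example.test/magic-login?token=' . $token; // placeholder URL
}

// Returns the user id to log in, or null if the token is unknown, expired or already used.
function consumeMagicLink(array &$users, array &$links, string $token, int $now): ?int
{
    $hash = hash('sha256', $token);
    $link = $links[$hash] ?? null;
    if ($link === null) {
        return null;
    }
    unset($links[$hash]);                    // single use: delete before any further checks
    if ($now > $link['expires_at']) {
        return null;
    }
    $userId = $link['user_id'];
    $users[$userId]['email_verified_at'] ??= $now; // "touch" on the first visit
    return $userId;                          // in Laravel, Auth::login($user) would follow here
}

// Constructed sample run.
$now = time();
$url = issueMagicLink($users, $links, 'jane@example.test', 'Jane', $now);
parse_str((string) parse_url($url, PHP_URL_QUERY), $query);

var_dump(consumeMagicLink($users, $links, $query['token'], $now + 60));   // first click
var_dump(consumeMagicLink($users, $links, $query['token'], $now + 120));  // replayed link
var_dump(consumeMagicLink($users, $links, 'not-a-real-token', $now));     // guessed token
```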
Other ways
- Send SMS (costs more lol)
- Use TOTP (time-based one-time password as a temporary password)
Considerations
- To increase security, we can apply the two-factor authentication method after logging in.
Conclusions
My applications use Passwordless authentication, check out RenderPDF.io as an example.
Using passwordless is really cool and hassle-free. Fewer inputs, a happier life.
Happy coding guys!